cleantalk
Vulnerabilities and Security Researches

Supervisor, CVE-2025-11887

CVE, Research URL

CVE-2025-11887

Home page URL

Security reports for Supervisor

Application

Supervisor

Published on
Oct 24, 2025
Research Description
The Supervisor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX functions in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update various plugin settings.
Affected versions
max 1.3.3.
Status
vulnerable
Previous vulnerability researches
Supervisor (CVE-2025-11887) , Nov 10, 2025
New vulnerability
WPC Smart Messages for WooCommerce (CVE-2025-62903) , Nov 11, 2025
Popular Posts by Webline (CVE-2025-62900) , Nov 11, 2025
Simple Youtube Shortcode (CVE-2025-11811) , Nov 11, 2025
Open Currency Converter (CVE-2025-62939) , Nov 11, 2025
Cookie Notice & Consent (CVE-2025-10496) , Nov 11, 2025